Cryptocurrencies, Crime and Enterprise Cyber-Attack

Over the last year there have been a number of substantial FinTech developments linked to clearance and settlement capabilities utilizing cryptocurrencies and blockchain technology.

Whilst these new technologies are increasingly attractive to financial institutions globally, they have also provided advanced criminal groups with new opportunities. Specifically, these developments increasingly provide the ability for cybercriminals to target enterprise organizations and successfully extort significant amounts of money (seven figures and upwards) via cyber-attacks.

Bitcoin has been the “go-to” currency in which cyber criminals have historically demand their ransoms.

From Bitcoin to XRP, cryptocurrencies have grown in valuation and impact, drawing nation-state threat actors. Understanding the implications on cyber threats will help organisations plan and react to changing situations.

Our whitepaper draws on extensive research and resources to give you a thorough understanding of the principles driving crytpocurrencies, how they are useful for cyber-crime and how this will likely impact enterprise cyber-attacks.

Key points from this paper:

The increased liquidity of cryptocurrencies is supporting larger ransom/extortion payment. This (coupled with innovations that make the tracing of payments increasingly difficult) makes it likely that enterprise businesses will face more frequent/higher impact sophisticated cyber-attack.

Any increase in ransom/extortion demands is likely to correlate with available liquidity, and innovations within the cryptocurrency market that allow greater anonymity.

Cryptocurrencies and distributed ledger technologies are evolving so rapidly that regulation and risk assessment is proving difficult.

Criminals are closely following changes that may help them benefit from the proceeds of digital crimes, greater risk appetite linked to larger cryptocurrency liquidity, transaction speeds and the degrees of obfuscation.

Criminals are also discussing new forms of extortion such as the potential to blackmail organizations using the threat of General Data Protection Regulation (GDPR) disclosure to leverage ransom payment in-line with GDPR fines (maximum fine of 4% of turnover).

MWR InfoSecurity provide specialist advice and solutions in all areas of cyber security, from professional and managed services, through to developing commercial and open source security tools. More about MWR.